Hello, I am trying to use https://www.pulumi.com/registry/packages/awsx/api-docs/ecr/repository/ in a Python Pulumi program for an existing repository. I want to import it and then have

awsx.ecr.Repository

manage it, but I am having issues importing it. I have tried: 1. using https://www.pulumi.com/docs/intro/concepts/resources/options/transformations/#stack-transformations to add an

import_

resource option, but it seems to be ignored (it wants to create the resource); 2. importing the ecr repository with the stack as the parent and using stack transformations to add an alias to the ecr repository child resource of

awsx.ecr.Repository

, but even though a

pulumi.Alias

instance got resolved to an URN in `pulumi_aws.ecr.Repository`'s

._aliases

field, it still got ignored (it wants to delete the existing repository and to create the new one). Is it perhaps related to the fact that the parent (

awsx.ecr.Repository

instance) of the existing resource (

pulumi_aws.ecr.Repository

) does not exist yet?

Hi, I was wondering how people manage resources in multiple AWS accounts. We're currently using custom providers for each AWS account and we're assuming the AWSControlTowerExecution for each one. It works well, but feels wrong, since we're now giving more access to the users than what their might require. Any thoughts on this?

Hey everyone! I was wondering if there is any support for AWS Pricing Calculator

Hii everyone, can Pulumi when I run `pulumi up`there is any call rest api to third party like call gitlab api? Thanks

Hey team 👋 I'm working on providing our team a JIT admin role for all sort of stuff they're doing, that includes deploying manual infra changes, using Pulumi. The issue I encountered is that Pulumi does not prompt for MFA as the role specify... Does anyone knows what is the way to approach this?

Hello! How would one take ownership of a resource that was created as as result of another resource created by Pulumi? Specifically, when using a Helm chart resource to install istio-ingressgateway, it creates an ELB that I want to manage with Pulumi. But I don’t know the id of the ELB at creation time, so importing it doesn’t seem to be a good option.

Hey everyone, is the awsx module stable at v0.40? Or is that also still considered beta?

Is there a way to change the default route (which points to local) of a route table with Pulumi? This is something which is possible in the API but i get errors when trying to do this with RouteTable and Route 😞

Hi there, I am trying to create an Appsync resolver with no data source, just to send back the version number of the backend. According to AWS, resolvers can have None as datasource. According to Pulumi doc, data_source is an optional parameter of

aws.appsync.Resolver

. But when I’m creating a resolver with no data source with Pulumi, like :

resolver_get_version = aws.appsync.Resolver(
    "my-resolver",
    api_id=graphql_api.id,
    field="getVersion",
    type="Query",
    request_template="""
    """,
    response_template="""
    $util.toJson("1.0.0")
    """,
)

I get

* error creating AppSync Resolver: BadRequestException: Data source name not specified.

Any idea?

Hi guys, I needed to renumber a few subnets (effectively use a different CIDR). I was hoping Pulumi would sort everything out itself (😇) , but unfortunately that doesn't seem to be the case:

aws:elasticache:SubnetGroup (development-redis-cluster-subnet-group)
    error: 1 error occurred:
	* updating urn:pulumi:development::infrastructure::aws:elasticache/subnetGroup:SubnetGroup::development-redis-cluster-subnet-group: 1 error occurred:
	* error updating ElastiCache Subnet Group (development-redis-cluster-subnet-group-d9a2442): SubnetInUse: The subnet ID subnet-080131aac7c84ef96 is in use.
	status code: 400, request id: 0ef21b3e-3cb0-42ac-8f71-deda19664e99
 
  aws:memorydb:SubnetGroup (development-memorydb-subnetgroup)
    error: 1 error occurred:
	* updating urn:pulumi:development::infrastructure::aws:memorydb/subnetGroup:SubnetGroup::development-memorydb-subnetgroup: 1 error occurred:
	* error updating MemoryDB Subnet Group (development-memorydb-subnetgroup-605fbe7): SubnetInUse: The subnet IDs subnet-0f6fd73e1a386d9dd,subnet-080131aac7c84ef96 are in use.
 
  aws:rds:SubnetGroup (development-postgresql-subnetgroup)
    error: 1 error occurred:
	* updating urn:pulumi:development::infrastructure::aws:rds/subnetGroup:SubnetGroup::development-postgresql-subnetgroup: 1 error occurred:
	* InvalidParameterValue: Some of the subnets to be deleted are currently in use: subnet-080131aac7c84ef96
	status code: 400, request id: bf6bd299-5566-47f5-933f-227c0a200119

What's the general recommendation to be able to perfom such changes successfully? Or more concretely, how do I fix this? 😄

Am I right in assuming there are no helpers like AWS CDK's

grantRead

or

grantReadWrite

in Pulumi? Everything must be written as separate roles/policies?

Got it. I didn't prod the type quite enough.

taskRole: { roleArn: taskRole.arn },

Hello - I am hoping to use codedeploy for a lambda-based application but am struggling to get it set up. Does pulumi support lambda-based applications in codedeploy?

Hey all, quick question about VPC(using crosswalk) and RDS. I am having issues associating an instance with a VPC upon creation. I see that the only options when creating an instance are:

dbSubnetGroupName

&

vpcSecurityGroupIds

. Which should I be using to associate the RDS instance to the VPC? (Creating the VPC first because I am having issues connecting to the instance created in the default vpc).

We’re having a bit of a trouble figuring out what flavor of aws library we should be using; aws, aws native, awsx, awsx classic? There also seems to be a major version coming to awsx so the docs/guides and the api reference seem to be out of sync.

Hi, Im using Pulumi with YAML. How can I make a condition to check if a resource exists to avoid that Pulumi shows me an error telling me that the resource already exists in the AWS Cloud ?. Regards,

I need the YAML file for creating the AWS vpc , directory service with users and workspace.

Do you have any template for this?

Hi , I am new to pulumi and wanted to create an aws AMI From Instance using this code (pulumi with js) :

const backup = new aws.ec2.AmiFromInstance(`try-AMI`,{
  sourceInstanceId : 'i-0000000000',
  description:`AMI from instance`, 
  snapshotWithoutReboot:1
 
})
 
// Export the name of the bucket
exports.backupName = backup.name;
exports.backupId = backup.id;
 
exports.backupArn = backup.arn;

I got this error :

error: update failed

 aws:ec2:AmiFromInstance (try-AMI -1892022115):
   error: 1 error occurred:
       * error creating EC2 AMI try-AMI -1892022115-a6bdcdd) from EC2 Instance ('i-0000000000'): InvalidInstanceID.NotFound: The instance ID 'i-0000000000'' does not exist
       status code: 400, request id: c8ef283f-2cec-4e95-8439-d03cd3369c9b

in the aws managment console I see the instance (running) , can anybody help me please ? thank you.

Using the cdk integration we're getting:

Diagnostics:
  aws-native:events:EventBus (ApiEventBus0174951C):
    error: Resource type aws-native:events:EventBus not found

Any ideas?

Question about EKS aws-auth configMap that gets created alongside the cluster. Is it possible to edit this configMap during the cluster creation since this is using crosswalk? I want to add a user to the managedUsers property, to allow access to myself (since the cluster is being created by a dedicated pulumi user)

Doesn't look like there is alot of chatter in here about GovCloud. Does anyone use pulumi with GovCloud here?

Hello everyone, Can i put config in `Pulumi.yaml`instead of put inside each of stacks? Thank you

I have a DNS resolution problem on Mac with Pulumi AWS Provider and I suspect it caused by a Golang flag

CGO_ENABLED=0

can anyone help me to build the plugin binary with the flag set to 1? I figured that the easiest way will be to fork the repository and then trigger GH action to build me an artifact and spare me of having to setup dev env https://github.com/pulumi/pulumi-aws/issues/2185 https://github.com/jans-forks/pulumi-aws

authrole=aws.iam.Role( "authrole" , name="rolelist", assume_role_policy=json.dumps({ "Version": "2012-10-17", "Statement":[{ "Effect": "Allow", "Action": "sts:AssumeRole", "Principal":{ "Service":"ec2.amazonaws.com" } }] }) ) policyrole=aws.iam.RolePolicyAttachment( "policyrole", role=authrole.name , policy_arn=aws.iam.ManagedPolicy.AMAZON_SSM_MANAGED_INSTANCE_CORE ) myprofile=aws.iam.InstanceProfile( "myprofile" , name="profilelist", role=authrole.name ) mytp=aws.ec2.LaunchTemplate( "mytp" , instance_type="t2.micro", image_id="ami-09d3b3274b6c5d4aa", vpc_security_group_ids=[securewb.id], iam_instance_profile=aws.ec2.LaunchTemplateIamInstanceProfileArgs( name=myprofile.name, arn=myprofile.arn), block_device_mappings=[ aws.ec2.LaunchTemplateBlockDeviceMappingArgs( device_name="/dev/sdo" , ebs=aws.ec2.LaunchTemplateBlockDeviceMappingEbsArgs( volume_size=8 , volume_type="gp2" , encrypted=False ) ) ]) mygps=aws.autoscaling.Group( "mygps", name="gps2" , vpc_zone_identifiers=[ websbts1.id , websbts2.id , websbts3.id ], min_size=1, max_size=9, desired_capacity=3, health_check_grace_period=300, health_check_type="ELB" , default_cooldown=300 , launch_template=aws.autoscaling.GroupLaunchTemplateArgs( id=mytp.id , version="$Latest" ) ) myattachment= aws.autoscaling.Attachment( "myattachment", autoscaling_group_name=mygps.name , lb_target_group_arn=mytargets.arn ) myssmdocs7= aws.ssm.Document( "myssmdocs7", name="docroles67" , document_format="YAML", content="""schemaVersion: '1.2' description: Check ip configuration of a Linux instance. parameters: {} runtimeConfig: 'aws:runShellScript': properties: - id: '0.aws:runShellScript' runCommand: - sudo yum update -y - sudo yum upgrade -y - sudo yum install httpd -y - sudo yum install -y https://s3.us-east-1.amazonaws.com/amazon-ssm-us-east-1/latest/linux_amd64/amazon-ssm-agent.rpm - sudo systemctl start amazon-ssm-agent - sudo systemctl enable amazon-ssm-agent - sudo systemctl start httpd - sudo systemctl enable httpd - sudo echo "welcome to site" > /var/www/http/index.html """ , document_type="Command" , target_type="/AWS::EC2::Instance" ) ssmlinks6=aws.ssm.Association( "ssmlinks5", name=myssmdocs7.name , document_version=myssmdocs7.document_version , association_name="myassociationlinks7" , targets=[ aws.ssm.AssociationTargetArgs( key="InstanceIds", values=["*"], ) ])

issue that session manager for ec2 instance not enabled yet even defined iam role and policy attachment with policy_arn , apply iam instance profile in launch template

Hello team! Any guide on pulumi-eks setup Running following code

import pulumi
import pulumi_ssp
from pulumi_ssp import SharedServicesPlatform, ClusterArgsArgs
from pulumi_aws.eks import FargateProfileSelectorArgs

ssp = SharedServicesPlatform("python-platform", cluster_args=ClusterArgsArgs(kubernetes_version="1.21.0", region="us-east-2"))
ssp.add_managed_node_group(name="test-python-ng", desired_size=1, min_size=1, max_size=1, instance_types=["t3.medium"])
# ssp.add_fargate_profile(name="fargate", selectors=[FargateProfileSelectorArgs(namespace="fargate", labels={"namespace": "fargate"})])
ssp.onboard_team(name="team-python", repository="<http://github.com/pulumi/pulumi|github.com/pulumi/pulumi>", controller="pulumi")

and getting following error on pulumi-ssp installation

ERROR: Could not find a version that satisfies the requirement pulumi-ssp (from versions: none)
ERROR: No matching distribution found for pulumi-ssp

has anyone experienced s3 bucket creation hanging when trying to use a provider? the 'creating...' just hangs indefinitely when I try to do something like this:

const replicantProvider = new aws.Provider("replicantProvider", {
        region: 'us-east-2'
    });


    const replicantS3Bucket = new aws.s3.Bucket(replicantBucketName, replicantBucketConfig, {
        provider: replicantProvider
    });

does anyone have experience using pulumi to create aws accounts via organizations (https://www.pulumi.com/registry/packages/aws/api-docs/organizations/account/) i'm trying to figure out how to create IAM roles within a newly created account. e.g. the bootstrap process for getting an access key & within the new account that can then be used to create a new pulumi provider with those creds.